Beware of Latest Android Malware on Google Play

Android users take note: There is a new malware in the Google Play Store that is attacking your data. Dubbed “Facestealer”, this new malware can steal personal information from your phone, steal your social media passwords forcing fake logins, and bomb your device with invasive ads.

Security researchers at Doctor Web Anti-Virus first detected Facestealer in 10 Android apps back in July 2021, but the latest batch of questionable downloads includes 200 malicious apps, almost all of which were available on the Google Play Store and other third-party marketplaces. a few weeks before they were demolished.

While problematic applications fell into a variety of categories, the most common were:

  • Fake VPN Services
  • Camera and photo editing apps
  • and, not surprisingly, applications related to cryptocurrency.

Fake crypto apps have even been infected with additional malware that could potentially steal the user’s wallet keys.

All 200 apps have been removed from Google Play and other download sources. However, many of these apps have been downloaded thousands of times in the few weeks they’ve been available. Of course, users didn’t intentionally download malware — such apps often seem legitimate at first glance and even include all of the advertised features or copy the look and design of other apps to make them look more like the real thing.

These apps can even fool Google. While Google Play has built-in anti-malware tools and scans all applications uploaded to the service, malware developers have developed sophisticated ways to hide their illegal intentions. So while Google’s scan is clear, the code hides simple commands that install a hidden malware payload or silently download it in the background from an external server. (Other infamous Android malware such as Joker and Octo also work.)

While Google may eventually catch on to these tricks, they are often retaliatory rather than proactive, meaning that new infection methods can emerge at any time and take weeks to discover. This is a serious flaw in Google and Android security measures and cannot be fixed overnight.

However, avoiding Android malware isn’t impossible; you just need to be mindful of what you’re downloading so you can detect problematic apps proactively.

How to Avoid Android Malware

We have previously discussed many telltale signs of a malicious application, including (but not limited to) if the application:

  • Requests excessive and unrelated application permissions. For example, a VPN doesn’t need access to your camera.
  • Requires installation of “additional software” or attempts to download additional applications.
  • Spamming you with ads.
  • Suddenly asks for payment information to continue using free features (especially if said features are available for free from other apps or are already built into your device).
  • It is an obvious plagiarism of other popular applications.
  • Only available in sketchy or unknown third-party stores.

Obviously, not every fake app will be alarming – that’s partly why they’re so common – so always check reviews first. And I mean really read the reviews. Don’t just check the app’s star rating or browse the highest rated reviews. If you notice a bunch of 1-star reviews saying questionable behavior or poor quality, or single 5-star reviews without much information, then it’s probably fake.

And if you’re ever in doubt, just don’t download it. And if you upload something that later turns out to be suspicious or outright scam, delete it, leave a review to warn others, and report the app to Google.

[ hacker news ]

More…

Leave a Reply